Overview

overview

10

Static

static

10

3c2c9be898...18.exe

windows7-x64

10

3c2c9be898...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13-05-2024 18:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c2c9be898e9ee315fb6e2c2b2733f74_JaffaCakes118.exe

  • Size

    283KB

  • MD5

    3c2c9be898e9ee315fb6e2c2b2733f74

  • SHA1

    336dbdcd935817ece8637d1fe95fe8b8b82c9f9b

  • SHA256

    f6853db269b45d6d925567ea24fc06b3d892bcfe4f9667c491841843ed1d97bf

  • SHA512

    e78844734c9d3f38310ded82ca68f8800d42ef8380e4d3dd3a53a9d2d06618873dec0d2e947032cdcbc2976d73dfc5998f9941a74e2760cdc1eb38ef6340d247

  • SSDEEP

    6144:vcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0POQ:vcWkbgTYWnYnt/IDYhPD

Score
10/10
darkcometsavvarattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

Savva

C2

127.0.0.1:1604

Mutex

DC_MUTEX-G1V8GJG

Attributes
  • gencode

    lauUBEfLNLxL

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c2c9be898e9ee315fb6e2c2b2733f74_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3c2c9be898e9ee315fb6e2c2b2733f74_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1136

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1136-0-0x0000000000400000-0x00000000004C6000-memory.dmp
    Filesize

    792KB

    Download
  • memory/1136-1-0x00000000001D0000-0x00000000001D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1136-2-0x0000000000400000-0x00000000004C6000-memory.dmp
    Filesize

    792KB

    Download
  • memory/1136-4-0x0000000000400000-0x00000000004C6000-memory.dmp
    Filesize

    792KB

    Download
  • memory/1136-5-0x00000000001D0000-0x00000000001D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1136-9-0x0000000000400000-0x00000000004C6000-memory.dmp
    Filesize

    792KB

    Download
  • memory/1136-11-0x0000000000400000-0x00000000004C6000-memory.dmp
    Filesize

    792KB

    Download
  • memory/1136-13-0x0000000000400000-0x00000000004C6000-memory.dmp
    Filesize

    792KB

    Download
  • memory/1136-15-0x0000000000400000-0x00000000004C6000-memory.dmp
    Filesize

    792KB

    Download